techrepublic.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-15.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-15 2026 | Google Bug Hunter Claims $500K From AI-Assisted Vulnerability PipelineAPI Sec | Pipeline for AI-assisted vulnerability discovery, reportedly used by researcher Brutecat to claim over $500,000 in Google bug bounties. This workflow leverages API discovery documents, gathered API keys from APKs, and a Chrome extension for network traffic analysis to identify over 1,500 APIs. The pipeline converts API definitions into testable formats for AI models to detect broken access control, including insecure direct object references, across services like Google Voice/Fiber and YouTube, with reported bounties ranging from $12,000 to $30,000. |
| 2026-06-06 2026 | Malicious Hugging Face Models Could Trigger Remote Code ExecutionRCE | Vulnerability in Hugging Face Transformers library, CVE-2026-4372, allows remote code execution by loading malicious AI models. Researchers discovered that a crafted `config.json` file within a model can bypass the `trust_remote_code=False` security control, leading to the automatic execution of arbitrary Python code during a standard `from_pretrained()` call. This flaw poses a significant supply chain risk, as millions of users may have downloaded vulnerable versions, potentially exposing sensitive assets like cloud credentials and API tokens. |
| 2026-05-28 2026 | Indirect Prompt Injection Is Now a Real-World AI Security ThreatAI | Library for data-layer governance of AI agents, enabling cryptographic authentication, real-time attribute-based access policy evaluation, and tamper-evident audit trails to prevent data exfiltration and credential theft. This approach provides independent enforcement, ensuring security even when models are compromised or prompts are manipulated, addressing vulnerabilities like those seen in GrafanaGhost, ForcedLeak, GeminiJack, and DockerDash, and satisfying regulatory compliance demands. |
| 2026-05-16 2026 | Microsofts Patch Tuesday Update Targets 120 Security FlawsRCE | Microsoft's latest Patch Tuesday update addresses 120 security vulnerabilities, a significant release aimed at bolstering system security. This update is critical for users to install to protect their systems from potential exploits. The specific details of each vulnerability and the affected products are available in Microsoft's official release notes. The content does not mention any specific bug bounty payout amounts. |
| 2026-05-15 2026 | OpenAI Warns Mac Users to Update Apps After Supply-Chain AttackSupply Chain | OpenAI has issued a warning to Mac users, advising them to update their applications promptly due to a supply-chain attack. This attack potentially compromised applications downloaded from unauthorized sources or modified by third parties. Users are urged to remove any suspect applications and reinstall them from official sources to mitigate the risk of malware or data theft. The specific payout for reporting this vulnerability was not mentioned. |
| 2026-05-05 2026 | Google Update: Android Flaw Could Put Billions of Devices at RiskMobileRCE | Google has addressed a critical vulnerability in Android that could have affected billions of devices. The flaw, detailed in a recent update, potentially exposed users to significant security risks. While the specific nature of the exploit and its full impact remain underspecified in the provided content, Google's swift patching mitigates the threat. The article highlights Google's ongoing efforts to secure the Android ecosystem. No bounty payout amount is mentioned. |